Agents
CVE-2026-2256: Command Injection in ModelScope MS-Agent Shell Tool Enables Full Runtime Compromise
A critical command injection flaw was disclosed in ModelScope's MS-Agent framework Shell tool, where unsanitized user input passed to shell commands via a regex blacklist allows arbitrary OS command execution in the agent's runtime. The root cause — a blacklist approach instead of allowlist or sandboxing — mirrors the pattern seen in Langflow and n8n CVEs earlier this cycle. Any MS-Agent deployment accepting user-controlled input through tool calls is potentially exposed.
Source
↳ Follow the thread